CWE-1100
Insufficient Isolation of System-Dependent Functions
BaseIncomplete
Description
The product or code does not isolate system-dependent functionality into separate standalone modules.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32575 | — | Med | 0.42 | 6.5 | 0.01 | Jun 17, 2021 | HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1. | |
| CVE-2024-7045 | Med | 0.28 | 4.3 | 0.00 | Mar 20, 2025 | In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve… |
- risk 0.42cvss 6.5epss 0.01
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
- risk 0.28cvss 4.3epss 0.00
In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve…